> https://www.opb.org/news/article/npr-sounding-the-alarm-
> about-a-new-russian-cyber-threat/
>
> It recommends following your router manufacturer's guidance on making sure
> the router is secure. It doesn't say specifically what to search for. I
> have a Buffalo WZR-600DHP running OpenWrt LuCI, Attitude Adjustment 12.09.
> What foo should I use to determine what version of firmware I should be
> running to be reasonably secure?
>


Dear God. You just linked to an HTTPS website that contains insecure
content. I examined the source code for that web page, and nearly drowned
in the tsunami of Javascript that filled my screen.


Supposedly, the authenticity of opb.org was verified by a certificate,
however there are some jpg images being displayed that were retrieved via
the HTTP protocol.

Looks fishy, does anybody here know who
opb-imgserve-production.s3-website-us-west-2.amazonaws.com is? There are a
number of images on that article page that are linked from that domain over
HTTP. It's not a mistake, since they appear to be inaccessible when making
the request over https://.....

http://opb-imgserve-production.s3-website-us-west-2.amazonaws.com/c_limit,g_center,h_480,q_90,w_620/583fb000afffed62434e727397972932.jpg

I'm not exactly sure how "bad" this is, but just to be safe I'm going to
update my firmware AND stop visiting www.opb.org   :-(
_______________________________________________
PLUG mailing list
PLUG@pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug

Reply via email to